Wednesday, October 5, 2022

What is an IDOR?


IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.

This type of vulnerability occurs when a web server uses user-supplied input to retrieve objects (files, data, documents), places too much trust in that input, and does not validate on the server side that the requested object belongs to the user requesting it.



Imagine you've just signed up for an online service, and you want to change your profile information. The link you click on goes to, and you can see your information.

Curiosity gets the better of you, and you try changing the user_id value to 1000 instead, and to your surprise, you can now see another user's information. You've now discovered an IDOR vulnerability! Ideally, there should be a check on the website to confirm that the user information belongs to the logged-in user requesting it.
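The scenario above, as an added example that is not part of the original post: a dependency-free model of a profile endpoint that trusts the user_id parameter, beside two fixed versions. The sample user records, the session layout and all function names are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample data (not from the post): user_id -> profile record.
USERS = {
    1: {"name": "alice", "email": "alice@example.invalid"},
    1000: {"name": "bob", "email": "bob@example.invalid"},
}

class AccessDenied(Exception):
    """Raised when the requested object does not belong to the caller."""

def requested_user_id(query_string: str) -> int:
    """Parse the user_id parameter from a query string such as 'user_id=1000'."""
    params = parse_qs(query_string, strict_parsing=True)
    return int(params["user_id"][0])

def profile_vulnerable(session_user_id: int, query_string: str) -> dict:
    """IDOR: the server trusts user_id from the URL and never checks that the
    record belongs to the authenticated user (session_user_id is ignored)."""
    return USERS[requested_user_id(query_string)]

def profile_fixed(session_user_id: int, query_string: str) -> dict:
    """Server-side ownership check: the record is returned only when the
    requested id matches the user identified by the session."""
    uid = requested_user_id(query_string)
    if uid != session_user_id:
        raise AccessDenied("object does not belong to the requesting user")
    return USERS[uid]

def own_profile(session_user_id: int) -> dict:
    """Stronger variant: derive the id from the session and accept no
    user-supplied identifier, so there is nothing in the URL to tamper with."""
    return USERS[session_user_id]

def fixed_denies(session_user_id: int, query_string: str) -> bool:
    """True if the fixed handler refuses the request (used to check behaviour)."""
    try:
        profile_fixed(session_user_id, query_string)
    except AccessDenied:
        return True
    return False

if __name__ == "__main__":
    # Alice (session user 1) edits the link so user_id becomes 1000.
    print(profile_vulnerable(1, "user_id=1000"))   # Bob's record leaks
    print("denied:", fixed_denies(1, "user_id=1000"))  # ownership check holds
    print(own_profile(1))                           # only Alice's own record
```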




